X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fauth%2FCmsUserManagerImpl.java;h=d21e8616c10e3ce5e9d513f7653357856c7ddc02;hb=a1e5c8447beec2b896b0a03e38a4c17608a4b85d;hp=109a0d4066e65561a76d4801f3ed035989a685ff;hpb=b7c2f2cc2f6f74762031567e9e636ff277ebc7c7;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsUserManagerImpl.java b/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsUserManagerImpl.java index 109a0d406..d21e8616c 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsUserManagerImpl.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/auth/CmsUserManagerImpl.java @@ -8,15 +8,17 @@ import java.time.ZoneOffset; import java.time.ZonedDateTime; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; import java.util.Dictionary; import java.util.HashMap; import java.util.HashSet; +import java.util.Hashtable; +import java.util.LinkedHashMap; import java.util.List; import java.util.Map; import java.util.Set; import java.util.UUID; -import javax.jcr.Node; import javax.naming.InvalidNameException; import javax.naming.ldap.LdapName; import javax.security.auth.Subject; @@ -25,18 +27,17 @@ import javax.transaction.UserTransaction; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.argeo.api.NodeConstants; import org.argeo.cms.CmsUserManager; import org.argeo.cms.auth.CurrentUser; import org.argeo.cms.auth.UserAdminUtils; -import org.argeo.jcr.JcrUtils; import org.argeo.naming.LdapAttrs; import org.argeo.naming.NamingUtils; import org.argeo.naming.SharedSecret; -import org.argeo.node.NodeConstants; import org.argeo.osgi.useradmin.TokenUtils; import org.argeo.osgi.useradmin.UserAdminConf; +import org.argeo.osgi.useradmin.UserDirectory; import org.osgi.framework.InvalidSyntaxException; -import org.osgi.framework.ServiceReference; import org.osgi.service.useradmin.Authorization; import org.osgi.service.useradmin.Group; import org.osgi.service.useradmin.Role; @@ -59,11 +60,12 @@ public class CmsUserManagerImpl implements CmsUserManager { private final static Log log = LogFactory.getLog(CmsUserManagerImpl.class); private UserAdmin userAdmin; - @Deprecated - private ServiceReference userAdminServiceReference; - private Map serviceProperties; +// private Map serviceProperties; private UserTransaction userTransaction; + private Map> userDirectories = Collections + .synchronizedMap(new LinkedHashMap<>()); + @Override public String getMyMail() { return getUserMail(CurrentUser.getUsername()); @@ -204,24 +206,41 @@ public class CmsUserManagerImpl implements CmsUserManager { + dns.keySet().toString() + ". Unable to chose a default one."); } +// public Map getKnownBaseDns(boolean onlyWritable) { +// Map dns = new HashMap(); +// String[] propertyKeys = serviceProperties.keySet().toArray(new String[serviceProperties.size()]); +// for (String uri : propertyKeys) { +// if (!uri.startsWith("/")) +// continue; +// Dictionary props = UserAdminConf.uriAsProperties(uri); +// String readOnly = UserAdminConf.readOnly.getValue(props); +// String baseDn = UserAdminConf.baseDn.getValue(props); +// +// if (onlyWritable && "true".equals(readOnly)) +// continue; +// if (baseDn.equalsIgnoreCase(NodeConstants.ROLES_BASEDN)) +// continue; +// if (baseDn.equalsIgnoreCase(NodeConstants.TOKENS_BASEDN)) +// continue; +// dns.put(baseDn, uri); +// } +// return dns; +// } + public Map getKnownBaseDns(boolean onlyWritable) { Map dns = new HashMap(); - String[] propertyKeys = userAdminServiceReference != null ? userAdminServiceReference.getPropertyKeys() - : serviceProperties.keySet().toArray(new String[serviceProperties.size()]); - for (String uri : propertyKeys) { - if (!uri.startsWith("/")) - continue; - Dictionary props = UserAdminConf.uriAsProperties(uri); - String readOnly = UserAdminConf.readOnly.getValue(props); - String baseDn = UserAdminConf.baseDn.getValue(props); + for (UserDirectory userDirectory : userDirectories.keySet()) { + Boolean readOnly = userDirectory.isReadOnly(); + String baseDn = userDirectory.getBaseDn().toString(); - if (onlyWritable && "true".equals(readOnly)) + if (onlyWritable && readOnly) continue; if (baseDn.equalsIgnoreCase(NodeConstants.ROLES_BASEDN)) continue; if (baseDn.equalsIgnoreCase(NodeConstants.TOKENS_BASEDN)) continue; - dns.put(baseDn, uri); + dns.put(baseDn, UserAdminConf.propertiesAsUri(userDirectories.get(userDirectory)).toString()); + } return dns; } @@ -374,25 +393,31 @@ public class CmsUserManagerImpl implements CmsUserManager { @Override public void addAuthToken(String userDn, String token, Integer hours, String... roles) { + addAuthToken(userDn, token, ZonedDateTime.now().plusHours(hours), roles); + } + + @Override + public void addAuthToken(String userDn, String token, ZonedDateTime expiryDate, String... roles) { try { userTransaction.begin(); User user = (User) userAdmin.getRole(userDn); String tokenDn = cn + "=" + token + "," + NodeConstants.TOKENS_BASEDN; Group tokenGroup = (Group) userAdmin.createRole(tokenDn, Role.GROUP); - for (String role : roles) { - Role r = userAdmin.getRole(role); - if (r != null) - tokenGroup.addMember(r); - else { - if (!role.equals(NodeConstants.ROLE_USER)) { - throw new IllegalStateException( - "Cannot add role " + role + " to token " + token + " for " + userDn); + if (roles != null) + for (String role : roles) { + Role r = userAdmin.getRole(role); + if (r != null) + tokenGroup.addMember(r); + else { + if (!role.equals(NodeConstants.ROLE_USER)) { + throw new IllegalStateException( + "Cannot add role " + role + " to token " + token + " for " + userDn); + } } } - } tokenGroup.getProperties().put(owner.name(), user.getName()); - if (hours != null) { - String ldapDate = NamingUtils.instantToLdapDate(ZonedDateTime.now().plusHours(hours)); + if (expiryDate != null) { + String ldapDate = NamingUtils.instantToLdapDate(expiryDate); tokenGroup.getProperties().put(description.name(), ldapDate); } userTransaction.commit(); @@ -408,36 +433,36 @@ public class CmsUserManagerImpl implements CmsUserManager { } } - public User createUserFromPerson(Node person) { - String email = JcrUtils.get(person, LdapAttrs.mail.property()); - String dn = buildDefaultDN(email, Role.USER); - User user; - try { - userTransaction.begin(); - user = (User) userAdmin.createRole(dn, Role.USER); - Dictionary userProperties = user.getProperties(); - String name = JcrUtils.get(person, LdapAttrs.displayName.property()); - userProperties.put(LdapAttrs.cn.name(), name); - userProperties.put(LdapAttrs.displayName.name(), name); - String givenName = JcrUtils.get(person, LdapAttrs.givenName.property()); - String surname = JcrUtils.get(person, LdapAttrs.sn.property()); - userProperties.put(LdapAttrs.givenName.name(), givenName); - userProperties.put(LdapAttrs.sn.name(), surname); - userProperties.put(LdapAttrs.mail.name(), email.toLowerCase()); - userTransaction.commit(); - } catch (Exception e) { - try { - userTransaction.rollback(); - } catch (Exception e1) { - log.error("Could not roll back", e1); - } - if (e instanceof RuntimeException) - throw (RuntimeException) e; - else - throw new RuntimeException("Cannot create user", e); - } - return user; - } +// public User createUserFromPerson(Node person) { +// String email = JcrUtils.get(person, LdapAttrs.mail.property()); +// String dn = buildDefaultDN(email, Role.USER); +// User user; +// try { +// userTransaction.begin(); +// user = (User) userAdmin.createRole(dn, Role.USER); +// Dictionary userProperties = user.getProperties(); +// String name = JcrUtils.get(person, LdapAttrs.displayName.property()); +// userProperties.put(LdapAttrs.cn.name(), name); +// userProperties.put(LdapAttrs.displayName.name(), name); +// String givenName = JcrUtils.get(person, LdapAttrs.givenName.property()); +// String surname = JcrUtils.get(person, LdapAttrs.sn.property()); +// userProperties.put(LdapAttrs.givenName.name(), givenName); +// userProperties.put(LdapAttrs.sn.name(), surname); +// userProperties.put(LdapAttrs.mail.name(), email.toLowerCase()); +// userTransaction.commit(); +// } catch (Exception e) { +// try { +// userTransaction.rollback(); +// } catch (Exception e1) { +// log.error("Could not roll back", e1); +// } +// if (e instanceof RuntimeException) +// throw (RuntimeException) e; +// else +// throw new RuntimeException("Cannot create user", e); +// } +// return user; +// } public UserAdmin getUserAdmin() { return userAdmin; @@ -448,12 +473,21 @@ public class CmsUserManagerImpl implements CmsUserManager { } /* DEPENDENCY INJECTION */ - public void setUserAdmin(UserAdmin userAdmin, Map serviceProperties) { + public void setUserAdmin(UserAdmin userAdmin) { this.userAdmin = userAdmin; - this.serviceProperties = serviceProperties; +// this.serviceProperties = serviceProperties; } public void setUserTransaction(UserTransaction userTransaction) { this.userTransaction = userTransaction; } + + public void addUserDirectory(UserDirectory userDirectory, Map properties) { + userDirectories.put(userDirectory, new Hashtable<>(properties)); + } + + public void removeUserDirectory(UserDirectory userDirectory, Map properties) { + userDirectories.remove(userDirectory); + } + }